Lighting a match in the dark web

Tag Archives: coding

Has all my talk about the dark web and malware come back to bite me in the ass? Maybe…

One of my readers sent me a message and informed me that according to the site Quttera, I had malware on this very blog. For all my talk about being safe and blah blah blah, it is a little ironic that I could have malware on my own site, isn’t it? Here were the scan results, according to them:

So, I have one malicious file and one “potentially suspicious” file? Well, that’s cause for concern, but it could have been worse. Of course, according to them, if I want to remove said malware, I have to sign up for the paid version (isn’t that always the case?).

I suppose it’s not unlike scanning your computer or device with different antivirus programs: they won’t pick up everything. And look: as I’ve said before, I’m not a full-fledged “hacker” (at least not yet), although I’m in the process of learning. You have to make a few mistakes before you get there. (To tell the truth, I’m shying away from the term “hacking,” since it has so many connotations. How about “coder”?)

Given that my site is still functioning, for the most part, that’s good news! I did some searching, and found a few tools that are designed to remove such malware:

One of my readers, with whom I’ve been corresponding on and off, wrote to me with an idea about creating a hidden network from scratch. It may have been inspired by one of my earlier posts, The “Shadow Web” Cited Me? Awesome!

In this post, I speculated about how you could create your own “shadow web,” i.e. a network that offered anonymity, and that you and only a select few people could access. In response, this reader had a few suggestions for such a network (I’m paraphrasing his (or her?) words here):

One in which you could communicate via Telnet or Netcat over the Tor network.

No DNS, no sites, just chats.

Each user has his own list of peers.

No nicknames, just onion domains.

Everything is done manually, to avoid potential security flaws.

Users select someone to chat with from the peer list and connect via TCP socket over Tor.

This is, more or less, what I had in mind when I described the idea of creating a hidden network, although I had hoped that you could build websites on top of it too. What I’m unsure of, in his description, is what he means by “no nicknames,” as I would think you would need some kind of identifier to use a chat feature.

Even if the names weren’t user-generated, you could have this encrypted chat generate them for you. To use the example of the “nonsense word generators” again, perhaps the program could generate two names like this:

Hokr

Ngwood

It could also generate cryptographic keys for each identity, like:

6U-^QoM&m{z?H]g~c"AX3VgQqzVVo+

VtjHjR00ZCYVvU7Gs2iuWXQd2lX6oPDi

It’s similar to Freenet’s WebOfTrust plugin, which also generates identities for users of the network. In the case of Freenet, you have to solve some puzzles (which are more or less CAPTCHAs) in order to introduce your identity to other users. This is done to prevent bots from “joining” the network.

Personally, I love this idea, although I’m still in the process of studying some of this, and I might need a little help getting started. Anyone else have ideas to contribute? Feel free!

Hey, sooner or later I may actually have my own darknet! (And of course, I’d have to make it dark and scary.)

Fresh Onions has its fair share of onion links, and like Harry71’s former site, it’s updated frequently. I was going to take a screenshot of the whole site, but on the device I’m currently using, that function was disabled.

Basically, the list of onions can be sorted by URL, Title, how recently it was added, when it was last visited, or when it was last up (i.e. active). At the time of this writing, it lists 4470 onions, and growing.

So you may be wondering – what kinds of sites are on it? Well, at first glance, I see a lot of tech sites, some markets, a few forums, and some scam sites. Just what I expected!

While I have yet to create my own onion crawler, here’s a short sampling of some of the sites that are listed on Fresh Onions (note – I make no claim as to the authenticity of any of these; if it sounds like a scam, it probably is.):

DISCLAIMER: I have not used any of the “passwords” in this post as real passwords. So go ahead and try them all you want!

An acquaintance contacted me recently, and was asking about how to use darknet markets. One of the things I had advised this person to do was to make sure that they used a secure passphrase and/or username.

This is just good internet advice in general, but I would say that it goes double for the dark web.

One of my earliest posts on this blog was entitled Dark Web: Fake Words and Secret Codes. In it, I had suggested the diceware method for generating strong passwords – and I still do, actually!

Just to review: the way this is accomplished is that you roll a die (or a pair of dice) until you have five numbers, and each five-number set looks up a word, number, or group of letters in a long word list.

They might look like this:

52121 ron

43453 noel

11243 acidic

53223 sequel

36514 llll

You then combine those words or numbers together, and that’s your password. Some people add periods or dashes in between the words, too. So, the final result would be “ron.noel.acidic.sequel.llll.”
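As an added worked example (not code from the post), here is the Diceware lookup in Python: it parses the standard "CODE word" list format, maps the five rolls shown above to the passphrase, and computes the entropy a full 7776-entry list gives. The sample list is constructed from just the five entries above and is far too small for real use.

```python
import math
import secrets

# Constructed mini list in the published Diceware file format ("CODE word").
# A real list has 6**5 = 7776 entries, one per five-dice code.
SAMPLE_LIST_TEXT = """\
52121 ron
43453 noel
11243 acidic
53223 sequel
36514 llll
"""
DICEWARE_LIST_SIZE = 6 ** 5


def load_wordlist(text):
    """Parse 'CODE word' lines into a dict; skips malformed lines."""
    wordlist = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        code, word = parts
        if len(code) == 5 and all(ch in "123456" for ch in code):
            wordlist[code] = word
    return wordlist


def roll_code():
    """Roll five dice with a CSPRNG (never random.random) -> e.g. '52121'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(5))


def passphrase_from_rolls(rolls, wordlist, sep="."):
    """Map each five-digit roll to its word and join with the separator."""
    words = []
    for code in rolls:
        if len(code) != 5 or any(ch not in "123456" for ch in code):
            raise ValueError(f"not a five-dice code: {code!r}")
        if code not in wordlist:
            raise KeyError(f"word list has no entry for {code}")
        words.append(wordlist[code])
    return sep.join(words)


def passphrase_entropy_bits(num_words, list_size=DICEWARE_LIST_SIZE):
    """Entropy of a uniformly chosen passphrase: words * log2(list size)."""
    return num_words * math.log2(list_size)


def generate_passphrase(num_words, wordlist, sep="."):
    """Roll fresh codes; the word list must cover every possible code."""
    rolls = [roll_code() for _ in range(num_words)]
    return passphrase_from_rolls(rolls, wordlist, sep)
```

Five words from a full list give about 64.6 bits, which is why the usual advice is six or more words for anything that matters.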

“Use blocks of four letters, chosen at random from a set of safely recognizable characters which are in the same position on German and US keyboards. Delimit blocks by a delimiter chosen at random from another set of characters.”

There’s a JavaScript version of the password generator on the post itself, as well as code for it in JavaScript, Python, and Wisp. You can read the full post if you want to find out more, but I also thought I’d show you some of the passwords that the generator came up with.

Well OK, 50 is probably overkill. One thing to point out – though you can use the password generator online, it’s much safer to download the web page and do it offline. I tried it – it works just fine!

There are a number of other sites that have a similar feature, but with any of these, I would recommend the same thing – download the page and generate the password offline.

Even if you don’t want to use these for your passwords, they can be fun to try out:

Well, it finally happened. The previous computer I had been using to write this blog crashed…permanently.

Now, whether that had anything to do with the fact that I was using the dark web or not, I don’t know. (I’d like to think not.) It was also a seven year-old computer, and some of the error messages indicated that the hardware was having issues, so that was more than likely the problem.

You may ask – so how are you writing right now? Well, I have a few older systems I can use for the time being, but I would like to ultimately switch to a Linux OS, even though that’ll take some getting used to.

I have some limited experience with them through live CD operating systems, but I know that that’s not quite the same thing. One reason I’d like to switch is that because I’m also learning to code, Linux systems seem more geared toward that (am I wrong?).

I also feel that, in general, they’re more secure, although of course no system is completely unhackable. Even more than that, though, I like that they’re less automated.

One thing that used to frequently annoy me about Windows systems was that they would try to do everything for you and guess your every move. I remember using an early version of Word back in the day when I would write fantasy stories, and it would autocorrect the names of my made-up characters.

Me (typing): Zostarath and Megilligand fought valiantly with their swords.

Autocorrect: Zoroastrian and Megillah fought valiantly with their swords.

Me: Damn you, autocorrect!

Of course, there were ways around this, but it was still frustrating, and I had the same problem with later versions of Windows too.

Command Lines, How Do I Love Thee?

So, I’m aware that using the command line interface after many years will take some getting used to, and may involve a little frustration, but I think I can get the hang of it again.

This also seems ideal for coding, in a sense. The question is, which system should I use? I haven’t decided that yet. (Oh, woe is me! Woe is me!)

I’ve been browsing Linux Preloaded to see some of what’s available, and I’m sure I’ll come up with something.

And before I officially start using one of these systems, I’ve been brushing up on my Linux commands with sites like Red Hat Developers.

Now – I’m sure this isn’t quite as exciting as talking about the dark web, but hear me out. If I’m going to delve deeper into the world of internet security, etc., I think I need the appropriate system.

It seems as if there are a million options, so the sky’s the limit. Seriously, if any of you are experienced Linux users, and you have some good suggestions, feel free to share them.

I will say that I’m not going into this blindly – Whonix did have something similar, called the Konsole, which was essentially the command line interface. I’ve used it enough to get the hang of it, but still, it was a far cry from a full Linux OS.

Am I about to get frustrated all over again? Probably. But that’s OK in my book.

Hey, I’m always up for a good learning experience…this will just be one more, right?

When I first started working on this ChaosVPN project, I never imagined what fun it could be. It has required a bit of extra effort and learning, but I like that sort of thing!

However, I want to stress that ChaosVPN isn’t a replacement for Tor or other anonymity tools; in fact, the creators mention this on the wiki. And it won’t help you access .lll or .rdos sites either…heh heh heh.

So – where I initially got stuck was at the point of getting tinc to run properly on my system. As it turns out, I hadn’t completed all the steps to installing it (go figure)! That’s why they say: “If all else fails, try reading the instructions.”

Depending on which operating system you’re using, of course, those instructions may vary. If you’re using a Mac OS/X, then these are the appropriate instructions: installing tinc on Mac OS/X.

If you’re using Windows, then try here: installing tinc on Windows 2000/XP/7/8. Hmm…it doesn’t include Windows 10, but does that mean it won’t work? Not necessarily, but I know how logical Windows can be sometimes.

In my earlier post ChaosVPN: Making Friends with Hackers!, I had mentioned using Ubuntu to set it up. This still seemed like the ideal option for me. It reminded me very much of the MS-DOS days from my childhood.

So I started going through the steps again, trying to be a little more patient this time! I finally got it working, but haven’t used it much yet. My overall impression is that ChaosVPN definitely has the potential for – to use the technical term – awesomeness.

Given that I’ve been making friends with a lot of hackers and coders lately, this seemed like one of the logical steps to take. I still don’t consider myself a hacker just yet, but I’m working on that.

This should be at least tinc version 1.0.13, but it should also work with 1.0.10 or later.

Or visit http://tinc-vpn.org, download and build it yourself – at a minimum run ./configure with the parameter --sysconfdir=/etc, and check the binary in the script.
If the tinc installation gives the following error:

# dch -i
Increment the version and set the Ubuntu-specific info.
# make deb
If it throws an error about missing build dependencies, install these and retry.
# sudo dpkg -i ../chaosvpn_2.0*.deb
Install the generated package file, replacing the filename above with the real name. It is also possible to copy the generated .deb package to a different machine of the same architecture and install it there – there is no need to have a full compile environment on your router/firewall.

This network nick, sometimes called the nodename, is the name of the network endpoint (gateway) where the VPN software will be running. It is not necessarily the name of the user; there may even be more than one gateway per user.

Used below where <nodename> is.

Please use only characters a-z, 0-9 and _ in it.

Second, select an unused IPv4 range from the IP Range wiki page, and add yourself to that page to mark your future range as in use.
Select from the correct ranges: 172.31.*.* for Europe, and 10.100.*.* for North America and elsewhere.

Repeat: Please do not forget to add yourself to this list at IP Range to mark your range as used.

Used below where <ipv4 subnet in the vpn> is.

Using IPv6 networks is also possible, but we do not have a central range for this (yet); you may specify an IPv6 range you received from your (tunnel) provider to be reachable over the VPN, or a private IPv6 ULA (Unique Local Address) network as described in RFC 4193. For more info about ULA and a network-range generator, see IPv6 ULA (Unique Local Address) RFC4193 registration.

Used below where <ipv6 subnet in the vpn> is.

Hostname

The gateway may have a DynDNS (or similar) hostname pointing to a dynamic IP, or a static hostname/fixed IP.

It is better to supply a hostname than a raw IP address, even if the address is static, so you can change it yourself and do not need to contact us when needed (perhaps something like chaosvpn.yourdomain.example).

Used below where <clienthost> is.

Generate keys

# tinc net-chaos init <nodename>

Replace <nodename> with the name your new node should get.

**FIXME** need some way that “tinc init” puts the public key into the separate files and not only into the generated hosts file, which our chaosvpn daemon overwrites.

generate public/private RSA and ECDSA keypairs with

# tinc --net=chaos generate-keys 2048

press Enter 4 times and backup the files /etc/tinc/chaos/ecdsa_key.priv, ecdsa_key.pub, rsa_key.priv and rsa_key.pub on an external device.

Generate keys with tinc 1.0.xx

create chaos config folder with

# mkdir /etc/tinc/chaos

generate public/private keypairs with

# tincd --net=chaos --generate-keys=2048

press Enter 2 times and backup the files /etc/tinc/chaos/rsa_key.priv and rsa_key.pub on an external device.

Mail us your Infos [sic]

send via email to chaosvpn_join@hamburg.ccc.de

We need the following info – but please be so kind and also add a short description of you/your space and your motivation to join chaosvpn – or at least make us laugh. 🙂

(Please remove all lines starting with # from the email; they are just descriptions)

[<nodename>]

gatewayhost=<clienthost>

# This should be the external hostname or ip address of the client host, not a VPN address.
# If the client is not reachable over the internet leave it out and set hidden=1 below.
# If possible supply a hostname (even dyndns) and not an ip address for easier changing
# from your side without touching the central config.

network=<ipv4 subnet in the vpn>
network6=<ipv6 subnet in the vpn>

# (mandatory, must include)
# this may be more than one, IPv4 or IPv6, network6 with IPv6 is optional
#
# These subnets must be unique in our vpn,
# simply renumber your home network (or use something like NETMAP) with a network block that is still free.
#
# Please use the list of assigned networks on ChaosVPN:IPRanges, and add yourself there.

Owner=

# (mandatory, must include)

# Admin of the VPN gateway, with email address – a way to contact the responsible
# person in case of problems with your network link.

port=4712
# (optional)
# if not specified tinc works on tcp+udp port 655
# it is better if everyone chooses a random port for this.
# either this specified port or port 655 should accept TCP and UDP traffic from internet.

hidden=0
# (optional)
# "I cannot accept inbound tunnel connections, I can only connect out."
# (e.g. behind a NAT)
silent=0
# (optional)
# "I cannot connect out, but you can connect to me."
# Only ONE of hidden=1 or silent=1 is possible.
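As an added example, not code from the wiki or this post, here is a small Python checker for a registration block in the format above. It enforces the rules the wiki states before you mail the block: nodename characters, network ranges per region, a mandatory Owner, only one of hidden/silent, and a gatewayhost unless hidden=1. The sample block, hostname and owner are constructed.

```python
import ipaddress
import re

# Constructed registration block in the format the wiki asks for (the '#'
# description lines would be stripped before mailing it).
SAMPLE_BLOCK = """\
[mynode]
gatewayhost=chaosvpn.yourdomain.example
network=172.31.200.0/24
Owner=Example Admin <admin@yourdomain.example>
port=4712
hidden=0
silent=0
"""
NODENAME_RE = re.compile(r"^[a-z0-9_]+$")
# IPv4 ranges the wiki hands out: 172.31/16 for Europe, 10.100/16 elsewhere.
ALLOWED_V4 = [ipaddress.ip_network("172.31.0.0/16"),
              ipaddress.ip_network("10.100.0.0/16")]


def parse_block(text):
    """Return (nodename, {key: [values]}), skipping blank and '#' lines."""
    nodename, fields = None, {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            nodename = line[1:-1]
        elif "=" in line:
            key, value = line.split("=", 1)
            fields.setdefault(key.strip(), []).append(value.strip())
    return nodename, fields


def check_block(text):
    """Return a list of problems; an empty list means the block passes."""
    nodename, f = parse_block(text)
    problems = []
    if not nodename or not NODENAME_RE.match(nodename):
        problems.append("nodename must use only a-z, 0-9 and _")
    if "network" not in f:
        problems.append("network= is mandatory")
    for net in f.get("network", []):
        try:
            n = ipaddress.ip_network(net, strict=True)
        except ValueError:
            problems.append(f"network {net!r} is not a valid CIDR block")
            continue
        if n.version != 4 or not any(n.subnet_of(a) for a in ALLOWED_V4):
            problems.append(f"network {net} is outside 172.31/16 and 10.100/16")
    if not any(f.get("Owner", [])):
        problems.append("Owner= (admin contact) is mandatory")
    hidden = f.get("hidden", ["0"])[-1] == "1"
    silent = f.get("silent", ["0"])[-1] == "1"
    if hidden and silent:
        problems.append("only one of hidden=1 or silent=1 is possible")
    if not hidden and "gatewayhost" not in f:
        problems.append("gatewayhost= is needed unless hidden=1")
    return problems
```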

As I get more familiar with ChaosVPN, hopefully it’s something I can write about more. Just to stress: it isn’t really the “deep web” or the “dark web.” I just felt like writing about it because it sounded cool.

As a matter of fact, the more I learn, the more I realize that these terms like deep web and dark web are just abstract concepts.

Alright, I admit it! I’d been debating what to write my next post about, because everything that I had in mind required a lot of reading, research, and experimentation.

Fortunately, I came across something called ChaosVPN not too long ago. I had heard about it via a deep web/dark web-themed Google+ group, in which I’ve made friends with many coders and fellow dark web explorers. The name conjured up all sorts of silly tech-related movie tropes in my mind.

So what is it?

It’s a VPN designed to connect hackers and hackerspaces. Keep in mind that this doesn’t necessarily constitute malicious (or “black hat”) hacking. ChaosVPN has a wiki maintained by the Chaos Computer Club in Hamburg, Germany.

The idea sounded cool enough, but what really inspired me to look into it further was this image on the main page:

If that’s hard to read, the quote I’m thinking of is the one in red that says

“ChaosVPN is a VPN to connect Hackers and Hackerspaces – it does NOT provide anonymous internet access! For this look at tor or other similar services.

It will also not help you to reach domains like .rdos, .lll, .clos or any other strange things supposed to be available on the ‘dark web.'”

Does that sound familiar? No? Let me refresh your memory:

*Sigh* Yes, it’s our old friend “The Shadow Web” again. The text is cut off in the screenshot, but the original page claimed that if you downloaded the software, you would be able to “access hundreds of other domains like .LLL and .RDOS sites.” ಠ_ಠ

By the way, if you’re still interested in that, you can contact the owner at shadow-web@sigaint.org. Just don’t give him your money, OK?

So, if you can’t access .lll or .rdos sites, why install ChaosVPN? (I kid.) Well, personally I love the idea that it connects different networks of hackers, and makes communication simpler.

If you read the “Goals” section of the wiki, the creators actually outline the purposes of ChaosVPN:

“Design principals [sic] include that it should be without Single Point of Failure, make usage of full encryption, use RFC1918 ip ranges, scales well on >100 connected networks and is…able to run on a embedded hardware you will find in [today’s] router…

“Therefore we came up with the tinc solution. tinc does a fully meshed peer to peer network and it defines endpoints and not tunnels.

“ChaosVPN connects hacker[s] wherever they are. We connect roadwarriors with their notebook. Servers, even virtual ones in Datacenters, Hackerhouses and hackerspaces. To sum it up we connect networks – maybe down to a small /32.

“So there we are. ChaosVPN is working and it seems [as] the usage increases, more nodes join in and more [services] pop up.”

I may not be a hacker [yet], but as an investigative tech blogger and aspiring coder, this is definitely something that interests me (and I figured it would interest you too, readers!).

Tinc-erbell?

As the creators of ChaosVPN mention above, the network uses tinc, a VPN “daemon that uses tunneling and encryption to create a secure private network between hosts on the Internet. tinc is Free Software and is licensed under the GNU General Public License version 2 or later,” according to their official site.

“Because the VPN appears to the IP level network code as a normal network device, there is no need to adapt any existing software. This allows VPN sites to share information with each other over the internet without exposing any information to others.”

Wow – am I wrong in saying that that sounds like some technobabble they would use on CSI: Cyber or something?

Nope. It’s 100% accurate! From the description, this sounds ideal for a VPN designed to connect hackers, as ChaosVPN is intended to do. I know I’ve been quoting a lot of technobabble in this post, but I felt it was somewhat necessary to get an understanding of how ChaosVPN worked!

I’ll be honest – I’m really not an expert with it yet, and I’m still in the process of building ChaosVPN on my system. I’m determined to get it working, though, and I thought you all could accompany me along the way!

Wiki of Chaos

The ChaosVPN wiki has a set of excellent how-tos for the following operating systems: